Fallos del tipo CWE-284

4457 resultados
CVE-2026-20203MEDIUMImproper Access Control in Data Model Acceleration in Splunk EnterpriseEPSS 0.2%CVE-2023-21491HIGHImproper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with sEPSS 0.2%CVE-2025-47792MEDIUMNextcloud Desktop 3rdparty applications can create share links via socket APIEPSS 0.2%CVE-2026-9789HIGHNitroSense V3: Security Vulnerability InformationEPSS 0.2%CVE-2023-27301MEDIUMImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2026-22019MEDIUMVulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported veEPSS 0.2%CVE-2026-9223MEDIUMMissing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged authenticated user EPSS 0.2%CVE-2023-26596LOWImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2023-42969LOWAn app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOEPSS 0.2%CVE-2023-21442MEDIUMImproper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) EPSS 0.2%CVE-2023-21493MEDIUMImproper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected datEPSS 0.2%CVE-2023-21495MEDIUMImproper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device EPSS 0.2%CVE-2026-28218MEDIUMDiscourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query ExecutionEPSS 0.2%CVE-2022-39875MEDIUMImproper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.EPSS 0.2%CVE-2023-22618HIGHIf Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative EPSS 0.2%CVE-2026-46768MEDIUMVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affecEPSS 0.1%CVE-2025-46307MEDIUMA logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user dEPSS 0.1%CVE-2026-56823MEDIUMAutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping TriggeringEPSS 0.1%CVE-2025-25225MEDIUMExtension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for JoomlaEPSS 0.1%CVE-2024-6364MEDIUMServer Identity Validation Bypass in Absolute Persistence®EPSS 0.1%